Technical
Reboot PFSense HA Pair
- There will be exceptions to the below, but for a standard HA reboot process this should be applicable.
Before restarting, confirm the following:
- On both firewalls, check CARP status. This is under Status > CARP (Failover).
  - The primary firewall should show all interfaces status as MASTER.
  - The secondary firewall should show all interfaces status as BACKUP.
- On both firewalls, check Gateway status. This is under Status > Gateways.
  - All gateways should show as Online on both firewalls with no loss for a successful HA failover.
Mimecast For Outlook 7 10 Install
- Install files for Mimecast 7.1 (all prior versions are EOL 2/28/22)
  - Mimecast for Outlook 7.10.0.72 (x64).msi 20.3 MB
  - Mimecast for Outlook 7.10.0.72 (x86).msi 20.13 MB
How To Expand Storage On A Proxmox Virtual Machine
- Use Case:
In the event that the hard drive fills up on a Linux VM, and space cannot be cleared, additional storage must be added. This can be accomplished easily within the Proxmox hypervisor itself.
Pre-Check:
Before allocating additional space, please schedule a reboot of the appliance. Afterwards, confirm if the storage still needs to be expanded. Linux does not free up space for deleted files if the related process is still running.
AIS Managed Firewall Specifications
- Baseline specifications
AIS VoIP Phone Compatibility
- SIP-compatible phones specifically validated to function properly with AIS Managed VoIP
Bidirectional NAT For NMS
On the Router
- Go to VPN.
- Select IPsec.
- Select the green “Add P1” button on the bottom left.
- Select the below settings for the Tunnel Phase 1:
  - Key Exchange version: IKEv1
  - Internet Protocol: IPv4
  - Interface: WAN-VIP
  - Remote Gateway: IP of NMS firewall
  - Description: AIS NMS
  - Authentication Method: Mutual PSK
  - Negotiation Mode: Main
  - My identifier: IP Address VIP address
  - Peer identifier: Peer IP Address
  - Pre-Shared Key: Create a new Pre-Shared Key
  - Encryption Algorithm: AES SHA256 2 (1024 bit)
  - Lifetime: 28800
  - NAT Traversal: Auto
  - Dead Peer Detection: Enable DPD checked
  - Delay: 10
  - Max failures: 50
- Select the below settings for the Tunnel Phase 2:
  - Mode: Tunnel IPv4
  - Local Network: Network / Local Subnet
  - NAT/BINAT translation: Network / Subnet to be used on NMS
  - Remote Network: NMS Network
  - Protocol: ESP
  - Encryption Algorithms: AES
  - Hash Algorithms: SHA256
  - PFS key group: off
  - Lifetime: 86400
  - Automatically ping host: NMS Internal IP
Remote Access Procedure 2021
- AIS_Remote_Access_Procedure_2021.PDF
How To Generate An O365 App Password
1. Go to https://login.microsoftonline.com
2. Click on your initials at the top right
3. Click View Account
4. Click Security Info
5. Click +Add method
6. Choose App password from the dropdown
7. Click Add
8. Name the App Password (e.g. iPhoneMailApp)
9. Click Next
10. The password is displayed. Enter this instead of your usual O365 password when the password is requested on your phone.
11. Click done.
12. Once you have clicked “done” you cannot go back to view the password.
AIS VoIP Admin Documentation
Change the system initial menu
Please contact AIS Support for assistance with IVR (initial menu) changes.
Re-record system recordings
- Dial the specified feature code for the desired system recording from any handset
- Enter the password, if required, followed by “#” (the system will prompt for the password to be entered if one has been set)
- You will hear a beep and then the existing system recording will play
- To listen to the recording again, press “1”
- To re-record the recording, press ‘'’’
- After the beep, speak the new version of the recording
- Press “#” to end the recording
- To listen to the new recording, press “1”
- To re-record the recording, press ‘'’’
- Hang up when you are satisfied with the way the new recording sounds
AIS VoIP Detailed Deployment Planning
Type of Voice Lines Overview
A VoIP deployment can connect to the phone system in a number of ways:
- By using existing analog lines and analog-to-digital conversion hardware
- Opt to have no connections to analog lines for voice traffic and instead use a VoIP all-digital connection to an external phone service called a VoIP-termination service (note that fax lines and any emergency voice call lines generally need to continue to be analog-based) – see “Digital Incoming Lines” below
  - Digital connections depend on the site’s Internet connection to the VoIP-termination servers working and having adequate bandwidth for voice traffic available at all times
- Or, use a mix of the two approaches

More information is below on each approach.
AIS VoIP E911 Test Procedure
- Testing with 933:
Twilio has allowed 933 to test your E911 number. You can test any number as much as you need to. It will allow you to test voice going both ways and whether the system is able to identify your address.
Testing with a test extension:
You should be able to set up a test phone on AIS VoIP. This will allow you to test remotely.
AIS VoIP End User Documentation
Call forwarding
This feature allows you to direct calls made to your extension to another internal extension or to an external phone number instead, such as your cell phone or home phone number. The “Follow me” feature (below) can also be used to do this.
Enable call forwarding
Instructions
- Dial the “Call Forward All Activate” feature code (“*72”)
- After being prompted, enter your own extension number followed by “#” (this is the extension to redirect)
- If directing the call to another internal extension, enter the extension number followed by “#”
- If directing the call to an external phone number, enter the external number to dial followed by “#”
- The settings will be read back to you to confirm them.
AIS VoIP End User Voicemail Instructions
Voicemail
AIS Managed VoIP provides a highly flexible, highly capable voicemail system.
Accessing Your Mailbox
- Log in by pressing the voicemail button or by dialing *97 from your VoIP Phone
- If dialing from a phone with a different extension, dial *98, then your extension number

Voicemail Menus
Main Menu
The main menu will be the first menu you hear when you have logged in. Here are the main menu options:
Cisco 79xx VoIP Phone Configuration On AIS VoIP
Requirements:
- Cisco VoIP phones have a maximum Extension Secret/Password length of 16 characters (if a longer password is used, the phone will not register)

Overview
- Create extension for phone in AIS VoIP:
  - Applications > Extensions > Add Extension > New CHAN_SIP
  - User Extension: ext number
  - Display Name: ext number
  - Outbound CID: 10-digit phone number associated
  - Secret:
  - Click “Advanced”.
  - NAT Mode: Yes
  - Transport: All - TCP Primary
  - Click “Submit”.
  - Click “Apply Config” (Red button on top-right).
- Add external IP range to firewall port 69:
- create SEP[MAC ADDRESS].
E911 Setup With AIS VoIP
- There are two components to setting up AIS VoIP for calls to emergency services:
- An outbound route must be set up. This will detect when somebody is trying to call 911 and specify that the Emergency CID is to be used instead of normal CID settings.
- If there are multiple locations, specify the emergency CID for each extension.

Emergency Outbound Route:
Note: As stated above, this setting allows the system to identify when it should override the normal caller ID setting with the Emergency Caller IDs we will set up in the next step.
E911 Setup With Twilio
- Prerequisites: A Twilio account should be set up and able to make calls.
Picking a number or numbers for E911: Each location at which VoIP services are set up should have one number set up as the E911 number. To reduce costs, only one number needs to and should be configured for a location. Whatever is considered to be the main line at the location should be chosen. This number will be the number 911 dispatch sees and will call back if they get hung up on.
Grandstream Setup With AIS VoIP
- Gather Supplies
- Physical install
  - Place phone.
  - Connect patch cable to patch port in wall to the LAN port on phone.
  - Optional: Connect patch cable to computer and the PC port on phone.
  - Troubleshooting: Phone not powering on
    - Ensure the patch port is connected to a PoE on Switch.
    - Check cables are seated and in correct port.
    - If switch is not PoE capable, connect a PoE injector on the line or use power cable for the phone itself.
- Network connection
  - By default, the phone will use DHCP and should pull IP configurations automatically.
Resetting IP Phone To Factory Default
- Note: If you choose factory reset, you will return the phone to the original factory settings and will erase all current settings, including the directory and call logs.
On the SPA itself, press “Setup” (https://www.cisco.com/c/dam/en/us/support/docs/collaboration-endpoints/spa901-1-line-ip-phone/108802-5220-001.png).
Go to Factory Reset (14) using “Navigation” (https://www.cisco.com/c/dam/en/us/support/docs/collaboration-endpoints/spa901-1-line-ip-phone/108802-5220-003.png).
Press the “OK” soft key. SPA will reboot and will be back to its default settings.
Twilio Phone Porting Steps
- Log on to the Twilio portal
- From the home page, click on the pound symbol:
- Under “Phone Numbers,” click on “Port Host” and then “Port a Number.”
- Select the checkbox next to all five conditions to agree to them and then proceed to fill out the billing address for the customer.
- List the phone numbers being ported, and upload the latest billing statement from the current provider:
- Fill out the Twilio Inc. Letter of Authorization and upload to Documents.
Configure A Palo Alto Firewall To Send Syslog To AIS Managed SIEM
- Name: AIS_SIEM
- Server: syslog.aislabs.com
- Transport: UDP
- Port: !!Provided in email!!
- Format: BSD
- Facility: LOG_USER
Office 365 Configuration To Send Logs To AIS Managed SIEM
Requirements:
- At least one Microsoft 365 E5 license is required on the Office 365 tenant
- Need to log in with an Office 365 Account that has Security Admin and Compliance Admin permissions

Steps:
- Log in to Office 365 Admin.
- Enable mailbox auditing in Office 365 using PowerShell (1-2019, MS enabled auditing by default BK)
- Link to steps: https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing
- Enable Exchange Online tracking - https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing
- Enable auditing.

    Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true

- Configure auditing.
Sending SoftEther VPN Server Logs To AIS SIEM
- Access SoftEther VPN Manager.
- Click “Encryption and Network”.
- Click “Send Server and Virtual Hub Security Logs by Syslog”.
- Syslog Server Host Name: syslog-in.aislabs.com
- Port: [AIS SIEM port assigned]
SIEM Stream Creation/Modification In AIS Managed SIEM
- Key steps:
1. Find the AIS Managed SIEM Input you wish to use for the new Stream.
2. Click “Show Received Messages” next to the desired Input. Copy the Search Query near the top of the page.
3. Click “Create Stream”.
4. Add title and Description.
5. Click checkbox “Remove matches from All Messages” stream.
6. Click “Save”.
7. Find the newly created Stream and click “Manage Rules” next to it.
8. Click “Add Stream Rule”.
9. In the Field textbox, type gl2_source_input
10. Value textbox: Use the second part of the Search Query from Step 2.
User Account Creation/Modification In AIS Managed SIEM
Key steps:
- Log in to https://security.aislabs.com.
- Click System top menu and then “Authentication”.
- If this is the first time creating a User for this Account, click “Roles” on the left side.
- Click “Add New Role”
- Name: ClientName
- Description: ClientName
- Permissions:
- Streams: Click “Allow Editing” only next to the Stream.
- Click “Dashboards”.
- Click “Allow Editing” only next to that Dashboard.
- Click “Save”.
- Click “Users” and then “Add new user”.
- Username: type the email address. Note: AIS SIEM usernames are case sensitive, please only type the email address in lower case.
Adding Devices To AIS NMS
Adding new devices to the AIS NMS
- Log in to NMS platform as an admin user

For SNMP-enabled Devices (Most Devices)
- Click Devices > Add Device
- In the Hostname textbox, type in the Hostname or IP Address of the device to be added.
- In most cases, the remaining default settings should stay the same and you should be able to click “Add Device”.

For Ping Check Only Devices (Comcast Modems, etc)
AIS NMS Architecture Documentation
NMS Concepts:
- Poller group: One or more NMS servers behind a pfSense that polls SNMP, ICMP, and other service data from devices assigned to a specific Poller group every 5 minutes
- All Poller groups use the same MySQL cluster as a central database.
- The web interface can view Devices from all Poller groups because of the central database.
- Manually adding devices must be done from the web interface of the Poller group associated with that device.
Creating A Service Monitor In NMS
- If you have ever had complaints of erratic behavior from an external web server that is out of your control, it can be difficult to convince a user that the issue is on the external host’s side. This guide will show you how to add a service monitor to NMS to monitor a website or device to which you do not have access.
In most situations, you will not be able to enable SNMP on an external web server.
Creating Or Modifying AIS NMS Alert Rule Notification
- Note: Alert Rules and Notifications can only be accessed by an AIS admin user
- Log in to NMS portal as an admin user.
- On the top navigation bar, hover over Alerts->Alert Transports.
- If the user doesn’t have an existing Alert Transport, click button “Create alert transport”.
- Transport Name: Name
- Transport Type: Mail
- Default Alert: Off (Note: Turning this on would send all alerts from the entire system.)
- Email: Email address
- Click button “Save Transport”.
- On the top navigation bar, hover over Alerts->Alert Rules
- If there isn’t an existing Rule, click “Create rule from collection”
- Select “Devices up/down”.
Enabling SNMP On VMware Vhost For AIS NMS
Enable SSH on vmware host if not already enabled: https://www.thomasmaurer.ch/2011/08/enable-ssh-on-esxi-5-via-vsphere-client/
Use Putty to SSH into VMware host.

    esxcli system snmp set --communities public
    esxcli system snmp set --enable true
    /etc/init.d/snmpd start
    esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true
    esxcli network firewall ruleset set --ruleset-id snmp --enabled true

Follow steps in the following to set the SNMP Service to Start automatically on Host boot: https://pubs.vmware.com/vsphere-50/index.jsp?topic=2Fcom.vmware.vsphere.monitoring.doc_502FGUID-8EF36D7D-59B6-4C74-B1AA-4A9D18AB6250.html
Add the VMware host IP to AIS NMS
Provision New Webroot And Continuum Site
Set up Webroot First, prior to Continuum site.
- Log into Continuum site.
- Log into Webroot portal.
- Click “Add Site”.
- In the first screen, enter site name using Full Company Name. Company is External, Size(approx), Industry(approx), leave all other fields at default.
- Change no other fields and click “Next”.
- On the Permissions page, hover over “Admin” radial in the top-left column. This makes the AIS admins admins over the site. Click “next”.
- This is the Protection page.